xss on personalized page

Posts: 586 | Location: He is back and he's bad! | Joined: 25.11.07 | Rank: Mad User

Posted on 23-04-09 17:41

Here's the deal: I've found a couple of XSS holes in a site. It works rather like Gmail, i.e. you log in with your email details and then you can edit your personal page content. Now of course, since I can get the XSS only on my pages, it can't be exploited. Normally I'd try to exploit the vulnerability via CSRF, i.e. make the person send the necessary GET requests; however, all the variable input is properly verified with hash IDs, so that isn't possible. So basically, have you any alternatives to the CSRF approach? How could you make use of the vulnerability?


spyware - "They see me trollin'..."
<yaragn> ever seen that movie? The Matrix?
<yaragn> with those green lines of flying text?
<yaragn> *THAT'S* Perl

RE: xss on personalized page

Member


Posted on 23-04-09 17:57

I'm not entirely sure what you mean, but, from what I gathered, could you not put in a redirection to your own site with the requests, as well as a JS script to go back two history entries (history(-2), I think it is)...

EDIT:
Or you could set up an XSS shell, inject the page with it and do whatever: execute your own JS, steal the cookies, etc.

Edited by on 23-04-09 18:00

Author

RE: xss on personalized page


Posted on 23-04-09 18:17

SaMTHG wrote:
I'm not entirely sure what you mean, but, from what I gathered, could you not put in a redirection to your own site with the requests, as well as a JS script to go back two history entries (history(-2), I think it is)...

That would be the regular way; the problem is that the arbitrary JS can be executed only when I log in with my details, thus I can only redirect myself and steal my own cookies, which isn't that great.

EDIT:
Or you could set up an XSS shell, inject the page with it and do whatever: execute your own JS, steal the cookies, etc.

Thanks for that, I'll have to look into it; I've never used it before...


Hellbound Hackers is the collective work of the staff and the community and is therefore licensed under the CC BY-NC-SA license.